Elizabeth L. Fokes

Information Security Risk Management, GRC
Augusta, GA

Summary

Experienced information security and GRC analyst with a background in business, customer service, relations, legal support, and IT. Over 20 years of industry experience, including 10 years in information security and risk management. Dedicated to aligning security architecture plans and processes with security standards and business objectives. Expertise in developing and testing security frameworks for cloud-based software, ensuring robust network defense strategies.

Overview

9 years of professional experience
5 Certifications

Work History

Software Security Analyst, ISRM

McKesson
04.2024 - Current
  • Conducted Security Reviews for HIPAA and Annual assessments
  • Risk level determination, remediation notification
  • Issues Management, Triage, Treatment

Senior Compliance Analyst, GRC

Macy’s, Inc.
08.2021 - 01.2024
  • Risk Analysis and threat level determination for internal, third-party, and renewal assessments
  • Led weekly Security Council meetings (members consisted of Attorney, Privacy, PCI, AI, Architecture, and other Business Principals); mentored; created SOPs, all routine documentation templates, Runbooks, and 3 levels of SIGs
  • Presentations: Quarterly Risk level charting, documentation, Heat Mapping
  • Participated in OneTrust Implementation meetings, UAT testing, enhancements, problem resolution, OneTrust Certified Expert
  • Consistent partner with Legal, Procurement, PCI, Architecture, Privacy, Business Stakeholders

Information Security Analyst

FalconTek SDVOSB GovCon Services Firm
03.2021 - 06.2021
  • Contract position at MARTA for GRC team
  • Technical Writing – GRC Policy Updates; Participation in GRC Risk meetings
  • Information Security SME

Third Party Security Analyst

Hays IT
07.2019 - 12.2019
  • Contract position at WestRock for Third Party Security Management team
  • Conducted 196 security reviews to assess vendors’ postures to identify risks, metric collection
  • Communicated with vendors, procurement, legal, and networking teams regarding security status and requirements
  • Projects: Developed auditing and remediation tracking processes, ServiceNow UAT
  • Consistent documentation in ServiceNow, adding/editing users in ServiceNow, creation of templates to assist with ISQ review and ISA scoping; technical writing; crafting of Remediation and Auditing Policies

Vendor Security Risk Management

Anthem
07.2017 - 06.2019
  • Managed 43+ in-depth 3rd party risk assessments per annum to determine potential HIPAA, HITRUST, and WISP related security risks to Anthem network
  • Presentations: Risk PowerPoint slides and supporting technical documentation
  • Created new processes, procedures, and policies for constantly evolving VSRM program (complete revamps); Determined remediation plans, setting timelines and tracking
  • Security risk determination, reporting, monitoring; 20+ Archer implementation projects
  • Outreach to external C-Suite executives regarding assessments, remediation recommendations
  • SME on VSRM program, Information Security best practices and latest related news, WISP, HIPAA and HITRUST; Member of high-performance team

Information Security Consultant

MDI Group
04.2017 - 06.2017
  • Technical Writing – Vulnerability Testing Reports; Use of CVSS
  • Considered the best penetration testing report writer CTO has worked with
  • Conducted vulnerability research and wrote remediation recommendations for 3rd party risk assessments

Jr. Security Administrator

Datalex, Inc.
10.2016 - 04.2017
  • PCI-DSS 3.2 developed cadence, Policies, Procedures, Processes; Technical documentation
  • Daily Security logging, administration of security controls on Linux systems
  • Weekly Burp Suite scanning and analysis review of scan reports

Information Security Consultant, and Implementation Specialist

EthicalHat, Inc.
05.2016 - 10.2016
  • Relationship development and presales with SMBs, Fortune 50 companies in the financial, media, and medical sectors for potential contract valuation of $4M+ involving DLP, endpoint protection, Managed services, development of SOC/NOC, and information security consulting
  • PCI DSS 3.2 Compliance consultation; Process creation for core business functions
  • Extensive content creation: all products and services, company blog, white papers, customized sales documents, RFPs, Technical Documents & Presentations; security researcher
  • Trained other employees regarding information security concepts, social media marketing, SEO, and content development

Education

Master of Science - Information Technology

Southern Polytechnic State University
Marietta, GA

Master Certificate - Information Security and Assurance

Southern Polytechnic State University
Marietta, GA

Bachelor of Arts - International History

Mercer University Atlanta
Atlanta, GA

Associate of Applied Science - Networking Administration

North Georgia Technical College
Clarkesville, GA

Skills

Certified Information Systems Security Professional

Certification

CISSP (656516)

Memberships Organizations

  • GA ISSA
  • ISACA
  • (ISC)2

Accomplishments

Published author, ACM

Steve Case Award

Affiliations

  • Association for Computing Machinery
  • Society of Women Engineers
